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Detailed Action 

This office action is in response to the correspondence received on July 24, 2009. 

Withdrawal of Finality 

Applicant's arguments within the last correspondence have been deemed 
persuasive and, therefore, the finality of that action is withdrawn. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claim1-15 and 21-25 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over "Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End 
Protocol Semantics," by Mark Handley and Vern Paxson in view of Hurst et al (US 
Patent No: 6,192,404), hereafter referred to as Handley and Hurst, respectively. 

1 . With regards to claims 1,6,11 and 21 , Handley teaches through Hurst, a method 
of blocking attacks on a protected computer network, comprising: receiving a 
plurality of packets from a network, each said packet having a packet time to live 
(TTL) value and belonging to a corresponding packet flow (equivalent to the 
normalizer receiving packets; see p. 6, right column, item 3, Handley); storing the 
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smallest packet TTL value received from each said corresponding packet flow; 
and prior to transmitting each said packet, setting said packet TTL value to said 
smallest packet TTL value received for said corresponding packet flow (Handley 
discloses setting the TTL to the minimum; see p. 9, left column, TTL solution #3, 
Handley). 

While Handley teaches setting the TTL to the minimum, Handley does not 
explicitly teach the TTL being set to a lower value. In Handley's disclosure it is 
taught how the TTL is set to the value that is set aside as the minimum value but, 
that does not always mean that the minimum value is lower than the previous 
TTL. In the same field of endeavor, Hurst also teaches network that uses TTL 
with packets. Within Hurst's disclosure, it is taught how the TTL of the packet 
and the minimum TTL are compared and the TTL is set to whichever is lower; 
see column 7, lines 27-31 , Hurst. The setting of the TTL to a lower value 
prevents the packet from being cached too long (it is disposed of earlier). 
Therefore it would have been obvious to one skilled in the art, during the time of 
the invention, to have combined the teachings of Handley with those of Hurst, to 
provide more up-to-date data. 

2. With regards to claims 2, 7, 12 and 22, Handley teaches through Hurst, the 
method wherein said storing the smallest packet TTL value comprises: 
associating an epoch with said stored smallest packet TTL value; and if said 
epoch is greater than a predefined value, discarding said stored smallest packet 



Application/Control Number: 10/820,591 Page 4 

Art Unit: 2445 

TTL value (equivalent to the restoring TTL disclosed by Handley; see p. 9, left 
column, "Effect on semantics," Handley). 



3. With regards to claims 3, 8, 13 and 23, Handley teaches through Hurst, the 
method further comprising periodically resetting said stored smallest packet TTL 
value to a maximum value (such steps are performed by the normalizerin 
Handley's disclosure; see p. 16, right column, item 21, Handley). 



4. With regards to claims 4, 9, 14 and 24, Handley teaches through Hurst, the 
method wherein said setting said packet TTL value comprises: determining if 
said corresponding packet flow is on an unrestricted list; and if said 
corresponding packet flow is on said unrestricted list, setting said packet TTL 
value to a maximum value (Handley's design sets the TTL large to allow the 
packet to travel unrestricted by time; see p. 4, right column, 4 th paragraph, 
Handley). 



5. With regards to claims 5, 10, 15 and 25, Handley teaches through Hurst, the 
method wherein said setting said packet TTL value comprises: determining if 
said corresponding packet flow is on an unrestricted list; and if said 
corresponding packet flow is on said unrestricted list, leaving said packet TTL 
value unchanged (see p. 15, left column, first paragraph, Handley). 
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6. The obviousness motivation applied to independent claims 1 , 6, 1 1 and 21 are 
applicable towards their respective dependent claims. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 31 , 33, 35 and 37 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over "Network Intrusion Detection: Evasion, Traffic Normalization, and 
End-to-End Protocol Semantics," by Mark Handley and Vern Paxson in view of Hurst et 
al (US Patent No: 6,1 92,404) and in further view of McElligott (US PGPUB No: 
2003/0009594), hereafter referred to as Handley, Hurst and McElligott, respectively. 

7. With regards to claims 31 , 33, 35 and 37, Handley teaches through Hurst and 
McElligot the method wherein storing the smallest packet TTL value received 
from each said corresponding packet flow includes, for each said packet: if that 
packet is the first packet received from said corresponding packet flow, then 
storing the packet TTL value of that packet as said smallest packet TTL value 
received from said corresponding packet flow (McElligot teaches that the lowest 
TTL is stored within variable LowestTtlEchoReply. It is implicit that if the packet 
received is the first packet, the variable is empty and hence the first packet's TTL 
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will be the lowest TTL and hence stored within the variable; see paragraph 55, 
McElligot. Also see Figure 7 wherein McElligot teaches the process by which 
determination is made as to whether to store the TTL within elements 106, 108 
and 110); if that packet is not the first packet received from said corresponding 
packet flow and the packet TTL value of that packet is less than the stored 
smallest packet TTL value received from said corresponding packet flow, then 
storing the packet TTL value of that packet as said smallest packet TTL value 
received from said corresponding packet flow (Handley teaches this within p. 9, 
left column, TTL solution #3 that the lower TTL is stored. In addition, McElligot 
teaches that if the packet's TTL is lower than that stored within the variable, the 
lower TTL is stored; see paragraph 55, McElligot. Also see Figure 7 wherein 
McElligot teaches the process by which determination is made as to whether to 
store the TTL within elements 106, 108 and 110); and if that packet is not the first 
packet received from said corresponding packet flow and the packet TTL value of 
that packet is greater than the stored smallest packet TTL value received from 
said corresponding packet flow, then refraining from storing the packet TTL value 
of that packet as said smallest packet TTL value received from said 
corresponding packet flow (McElligot teaches that if the TTL is not the lowest, 
then it is not stored, as claimed; see Figure 7, elements 106, 108 and 110, 
McElligot). 

While Handley teaches through Hurst, the storage of the lowest TTL as 
claimed, neither Handley nor Hurst explicitly teaches what happens when the 
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TTL is greater than that already stored. In the same field of endeavor, McElligot 
also teaches a network packet design. Within McElligot's disclosure it is taught 
how a determination is made whether the TTL is lower than that already stored, if 
not, it is not stored; see Figure 7, elements 106, 108 and 110, McElligot. The 
storage of the lowest TTL and refraining from storing greater TTL helps keep 
track of packets that are most current and hence identifies corresponding devices 
that are closest. Therefore it would have been obvious to one skilled in the art, 
during the time of the invention, to have combined the teachings ofHandley and 
Hurst with those of McElligot for the purpose of storing only the most current 
packets and hence also the closest devices; see paragraph 57, McElligot. 



Response to Arguments 

Applicant's arguments with respect to claims 1 -1 5 and 21-25, 31 , 33, 35, and 37 
have been considered but are moot in view of the new ground(s) of rejection. In lieu of 
the argument that Handley fails to explicitly teach setting the TTL value to the smallest 
packet TTL value, the 102-type rejection has been replaced with a 103-type rejection 
using the Hurst prior art. Hurst teaches how the TTL of the packet and the minimum 
TTL are compared and the TTL is set to whichever is lower; see column 7, lines 27-31 , 
Hurst. The setting of the TTL to a lower value prevents the packet from being cached 
too long (it is disposed of earlier). 
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Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to AZIZUL CHOUDHURY whose telephone number is 
(571)272-3909. The examiner can normally be reached on M-F. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Vivek Srivastava can be reached on (571) 272-7304. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/A. CV 

Examiner, Art Unit 2445 

A/IVEK SRIVASTAVA/ 

Supervisory Patent Examiner, Art Unit 2445 



